Logging Query Language
Description:
- Docs
- All Log Fields
- A recipe:
- What do you know about the log entry?
- Log filename, resource, a bit of text?
- Full text searches are slow, but may be effective:
- “/score called”
- → jsonPayload:”/score called”
- or → jsonPayload.message=”/score called”
- or label
- Use indexed SEARCH function for complete text matches, because they perform a case-insensitive match
- SEARCH(textPayload, “hello world”)
- faster than global search
- If possible, restrict text searches to an log field
-  jsonPayload:“/score called”
-  jsonPayload.message=“/score called”
A. Overview:
- Using theÂ
resource.type
 field in the following examples, the Logging query language grammar looks like this:
- Simple restriction:Â
resource.type = "gae_app"
- Conjunctive restriction:Â
resource.type = "gae_app" AND severity = "ERROR"
- Disjunctive restriction:Â
resource.type = "gae_app" OR resource.type = "gce_instance"
- Alternatively:Â
resource.type = ("gae_app" OR "gce_instance")
- Complex conjunctive/disjunctive expression:Â
resource.type = "gae_app" AND (severity = "ERROR" OR "error")
- Example:
resource.type = "gce_instance" AND severity >= "ERROR" AND NOT textPayload:robot
B. Syntax notations:
1. Syntax summary:
- A query contains an expression
expression = ["NOT"] comparison { ("AND" | "OR") ["NOT"] comparison }
- A comparison is either a single value or a boolean expression:
"The cat in the hat"
resource.type = "gae_app
2. Boolean operators:
- AND and OR and NOT:
"a" OR NOT "b" AND NOT "c" OR "d"
("a" OR (NOT "b")) AND ((NOT "c") OR "d")
- And and Or are short-circuit operators
- NOT has highest priority
3. Comparisons:
[FIELD_NAME] [OP] [VALUE]
4. Types of log fields:
6. Comparison operators:
7. Global restrictions:
8. Functions:
9. SEARCH function:
10. Using regular expressions:
C. Finding log entries quickly:
D.